public async Task <IActionResult> RefreshAsync([FromBody][Bind("Token, RefreshToken")] RefreshTokenViewModel tokens)
{
var principal = GetPrincipalFromExpiredToken(tokens.Token);
if (principal == null)
{
return(Unauthorized("Invalid access token"));
}
var response = await _jwtTokenGenerator.Refresh(principal, tokens.RefreshToken);
if (response.token == null)
{
return(Unauthorized("Invalid access token"));
}
if (response.refreshToken == null)
{
return(Unauthorized("Invalid refresh token"));
}
if (response.token == null && response.refreshToken == null)
{
return(NoContent());
}
return(Ok(
new
{
Token = response.token,
RefreshToken = response.refreshToken
}));
}
private async Task <AccessTokenViewModel> GenerateAccessTokenAsync(ApplicationUser user)
{
string refreshToken = Guid.NewGuid().ToString();
var dtIssued = DateTime.UtcNow;
var dtExpired = dtIssued.AddMinutes(SWCmsConstants.AuthConfiguration.AuthCookieExpiration);
var dtRefreshTokenExpired = dtIssued.AddDays(SWCmsConstants.AuthConfiguration.AuthCookieExpiration);
RefreshTokenViewModel vmRefreshToken = new RefreshTokenViewModel(
new RefreshTokens()
{
Id = refreshToken,
Email = user.Email,
IssuedUtc = dtIssued,
ClientId = SWCmsConstants.AuthConfiguration.Audience,
Username = user.UserName,
//Subject = SWCmsConstants.AuthConfiguration.Audience,
ExpiresUtc = dtRefreshTokenExpired
});
var saveRefreshTokenResult = await vmRefreshToken.SaveModelAsync();
AccessTokenViewModel token = new AccessTokenViewModel()
{
Access_token = await GenerateTokenAsync(user, dtExpired, refreshToken),
Refresh_token = saveRefreshTokenResult.Data.Id,
Token_type = SWCmsConstants.AuthConfiguration.TokenType,
Expires_in = SWCmsConstants.AuthConfiguration.AuthCookieExpiration,
//UserData = user,
Issued = dtIssued,
Expires = dtExpired,
};
return(token);
}
public async Task CreateAsync(AuthenticationTokenCreateContext context)
{
var refreshTokenId = Guid.NewGuid().ToString("n");
var userManager = StructuremapMvc.StructureMapDependencyScope.Container.GetInstance <UserManager <IdentityUserViewModel, ObjectId> >();
var token = new RefreshTokenViewModel()
{
TokenId = AppMethods.GetHash(refreshTokenId),
Subject = context.Ticket.Identity.Name,
IssuedUtc = DateTime.UtcNow,
ExpiresUtc = DateTime.UtcNow.AddMinutes(Convert.ToDouble(3600))
};
context.Ticket.Properties.IssuedUtc = token.IssuedUtc;
context.Ticket.Properties.ExpiresUtc = token.ExpiresUtc;
token.ProtectedTicket = context.SerializeTicket();
var refreshTokenService = StructuremapMvc.StructureMapDependencyScope.Container.GetInstance <IRefreshTokenService>();
var result = await refreshTokenService.AddRefreshToken(token);
if (result)
{
context.SetToken(refreshTokenId);
}
}
public async Task SaveRefreshToken(RefreshTokenViewModel model)
{
var existe = await _context.Usuarios.AnyAsync(e => e.Id == model.IdUsuario);
if (!existe)
{
throw new BusinessException("Usuário não encontrado");
}
var token = await _context.RefreshTokens.FirstOrDefaultAsync(e => e.IdUsuario == model.IdUsuario);
var entity = _mapper.Map <RefreshToken>(model);
try
{
if (token != null)
{
_context.RefreshTokens.Remove(token);
}
_context.RefreshTokens.Add(entity);
await _context.SaveChangesAsync();
}
catch (Exception ex)
{
throw new PersistenceException(ex);
}
}
public async Task <IActionResult> RefreshAsync([FromBody] RefreshTokenViewModel model)
{
if (this.ModelState.IsValid == false)
{
return(this.BadRequest(this.ModelState));
}
var userName = this.tokenService.GetUserNameFromJwtToken(model.Token);
User user = await this.tokenService.ValidateRefreshToken(userName, model.RefreshToken);
if (user == null)
{
return(this.BadRequest());
}
string newRefreshToken = this.tokenService.GenerateRefreshToken();
string newJwtToken = this.tokenService.GenerateJwtToken(userName);
await this.tokenService.SetRefreshToken(
user,
refreshToken : new RefreshToken()
{
Token = newRefreshToken, UserId = user.Id
});
return(new ObjectResult(new
{
user = user.ToViewModel(),
token = newJwtToken,
refreshToken = newRefreshToken
}));
}
public IActionResult CheckRefreshTokenIsActive([FromBody] RefreshTokenViewModel model)
{
try
{
var principal = GetPrincipalFromExpiredToken(model.Token);
var savedRefreshToken = _userService.GetRefreshTokenByUserName(principal.Identity.Name);
if (savedRefreshToken != model.RefreshToken)
{
throw new SecurityTokenException("Invalid refresh token");
}
if (this.TokenExpired(model.Token))
{
return(Ok(new ResultResponseViewModel <object>()
{
IsSuccess = true,
Response = this.RefreshToken(model.Token, model.RefreshToken)
}));
}
return(Ok(new ResultResponseViewModel <string>()
{
IsSuccess = true, Message = string.Empty
}));
}
catch (Exception e)
{
return(Ok(new ResultResponseViewModel <string>()
{
IsSuccess = false, Message = "Usuário e/ou Senha inválidos", Response = e.Message
}));
}
}
public async Task <ActualResult <TokenModel> > SignInByRefreshToken(RefreshTokenViewModel model)
{
model.ClientType = model.ClientType.ToUpper();
var protectedTicket = await _accountService.GetProtectedTicket(GetHash(model.RefreshToken));
if (protectedTicket == null)
{
return(new ActualResult <TokenModel>("Invalid refresh token"));
}
if (protectedTicket.ClientType != model.ClientType)
{
return(new ActualResult <TokenModel>("Invalid client id"));
}
var identity = await GetIdentity(protectedTicket.ClientType, protectedTicket.Email);
if (identity == null)
{
return(new ActualResult <TokenModel>("User not found"));
}
var refreshToken = await CreateRefreshToken(protectedTicket.ClientType, protectedTicket.Email);
if (refreshToken == null)
{
return(new ActualResult <TokenModel>("Error while create refresh token"));
}
return(new ActualResult <TokenModel> {
Result = GetToken(identity, refreshToken)
});
}
public async Task <IActionResult> RefreshToken([FromBody] RefreshTokenViewModel refreshTokenViewModel)
{
return(await Validation_ModelState_wLog(ModelState, async() =>
{
var user = await userManager.FindByEmailAsync(refreshTokenViewModel.Email);
var tokenState = userBehaviour.VerifyCustomToken(refreshTokenViewModel.RefreshToken, user.Id, TokenType.Refresh);
if (tokenState == CustomTokenState.SelfDestruct)
{
return Conflict("Destroyed refresh token. Reauthentication is required.");
}
else if (tokenState == CustomTokenState.Invalid)
{
return Conflict("Invalid refresh token.");
}
else if (tokenState == CustomTokenState.Valid)
{
var result = GetAuthTokens(user);
return Ok(result);
}
else
{
return Conflict("Unauthentificated. You have not been authentificated yet.");
}
}));
}
public async Task <ServiceResult> RefreshToken([FromBody] RefreshTokenViewModel refreshToken)
{
var serviceResult = new ServiceResult();
var refreshTokenFromDatabase = await _userService.GetUserRefreshTokensAsync(refreshToken);
if (refreshTokenFromDatabase == null)
{
serviceResult.HttpStatusCode = HttpStatusCode.BadRequest;
serviceResult.HttpStatusText = HttpStatusCode.BadRequest.ToString();
serviceResult.Message = "Unauthorized";
serviceResult.MessageType = Todo.Core.Enums.EMessageType.Error;
serviceResult.MessageTypeText = serviceResult.MessageType.ToString();
return(serviceResult);
}
if (refreshTokenFromDatabase.ExpiresUtc < DateTime.UtcNow)
{
serviceResult.HttpStatusCode = HttpStatusCode.Unauthorized;
serviceResult.HttpStatusText = HttpStatusCode.Unauthorized.ToString();
serviceResult.Message = "Unauthorized";
serviceResult.MessageType = Todo.Core.Enums.EMessageType.Error;
serviceResult.MessageTypeText = serviceResult.MessageType.ToString();
return(serviceResult);
}
var jwt = await _jwtFactory.GenerateEncodedToken(refreshTokenFromDatabase.User, refreshTokenFromDatabase);
serviceResult = new ServiceResult {
Result = jwt, MessageType = Todo.Core.Enums.EMessageType.Success
};
return(serviceResult);
}
public async Task RefreshTokenExchangeAsync__Passed_access_and_refresh_tokens_are_valid__Should_return_200OK_response_with_new_tokens()
{
var newJwtToken = new JwtSecurityToken(issuer: "example.com", expires: DateTime.UtcNow.AddDays(1));
string newAccessToken = new JwtSecurityTokenHandler().WriteToken(newJwtToken);
var savedRefreshToken = new RefreshToken {
Id = "1", Token = _refreshToken, ExpiryIn = (int)new DateTimeOffset(DateTime.UtcNow.AddDays(2)).ToUnixTimeSeconds()
};
var newRefreshToken = new RefreshToken {
Id = "2", Token = "newRefreshToken", ExpiryIn = (int)new DateTimeOffset(DateTime.UtcNow.AddDays(2)).ToUnixTimeSeconds()
};
SetUpMocksForSucceed(newJwtToken, newAccessToken, savedRefreshToken, newRefreshToken);
_mapperMock.Setup(x => x.Map <RefreshTokenDto>(It.IsNotNull <RefreshToken>())).Returns(new RefreshTokenDto(newRefreshToken.Token, newRefreshToken.ExpiryIn));
var controller = new AuthController(_jwtTokenHandlerMock.Object, _refreshTokenManagerMock.Object, _logger, _mapperMock.Object);
var refreshRequestBody = new RefreshTokenViewModel {
AccessToken = _validAccessToken, RefreshToken = _refreshToken
};
var result = await controller.RefreshTokenExchangeAsync(refreshRequestBody);
(result as ObjectResult).StatusCode.Should().Be(200);
((result as ObjectResult).Value as ResponseWrapper).Error.Should().BeEquivalentTo(new ApiError());
(((result as ObjectResult).Value as ResponseWrapper).Data as RefreshTokensResponseDto).AccessToken.Should().NotBeNull();
(((result as ObjectResult).Value as ResponseWrapper).Data as RefreshTokensResponseDto).RefreshToken.Should().NotBeNull();
}
public ViewResult RefreshToken(RefreshTokenViewModel model)
{
if (this.ModelState.IsValid)
{
try
{
// Create the client with which we will be connecting to the server.
var webServerClient = new WebServerClient(this.AuthorizationServerDescription, clientIdentifier: model.ClientId, clientSecret: model.ClientSecret);
// Create an AuthorizationState instance with only the refresh token set. This is all that is needed for
// OAuth to be able to determine what token is to be refreshed
var authorizationState = new AuthorizationState {
RefreshToken = model.RefreshToken
};
// Refresh an access token (http://tools.ietf.org/html/draft-ietf-oauth-v2-31#section-6)
// This method will use the client identifier and client secret used when constructing the WebServerAgentClient instance
webServerClient.RefreshAuthorization(authorizationState);
this.ViewBag.AccessToken = authorizationState;
}
catch (Exception ex)
{
this.ViewBag.Exception = ex;
}
}
return(this.View(model));
}
public IActionResult Refresh([FromBody] RefreshTokenViewModel model)
{
return(Ok(new ResultResponseViewModel <object>()
{
IsSuccess = true,
Response = this.RefreshToken(model.Token, model.RefreshToken)
}));
}
public IActionResult RefreshTokens(RefreshTokenViewModel viewModel)
{
var model = GetViewModel();
model.RefreshTokenEndpoint = viewModel.RefreshTokenEndpoint?.Trim();
model.RefreshToken = viewModel.RefreshToken?.Trim();
model.ClientId = viewModel.ClientId?.Trim();
model.ClientSecret = viewModel.ClientSecret?.Trim();
model.Scope = viewModel.Scope?.Trim();
if (!ModelState.IsValid)
{
return(View("Index", model));
}
model.AccessToken = null;
var client = new RestClient(model.RefreshTokenEndpoint);
// Prepare POST request to the token endpoint.
var tokenRequest = new RestRequest(model.RefreshTokenEndpoint, Method.POST);
// Send as form.
tokenRequest.AddHeader("content-type", "application/x-www-form-urlencoded");
client.Authenticator = new HttpBasicAuthenticator(model.ClientId, model.ClientSecret);
// Since this is a POST request, RestSharp will add these to the payload (request body).
tokenRequest.AddParameter("grant_type", "refresh_token"); // grant type is now refresh token!
tokenRequest.AddParameter("refresh_token", model.RefreshToken);
tokenRequest.AddParameter("scope", model.Scope);
IRestResponse response = client.Execute(tokenRequest);
model.RawResponse = response.Content;
if (response.IsSuccessful)
{
// Deserialize JSON response.
var tokenResponse = JsonConvert.DeserializeObject <TokenResponseModel>(response.Content);
model.AccessToken = tokenResponse.AccessToken;
model.RefreshToken = tokenResponse.RefreshToken;
model.Focus = "refresh-token";
SetViewModel(model);
return(RedirectToAction("Index"));
}
else
{
// There was an error.
model.RefreshToken = "(Invalid) " + model.RefreshToken;
SetViewModel(model);
model.ErrorMessage = response.Content;
return(View("Index", model));
}
}
public async Task <UserRefreshToken> GetUserRefreshTokensAsync(RefreshTokenViewModel refreshTokenVm)
{
var refreshToken = await _connectionFactory.GetConnection.FindAsync <UserRefreshToken>(x => x
.Include <User>(join => join
.InnerJoin())
.Where($"{nameof(UserRefreshToken.Token):C} = @tokenGuid")
.WithParameters(new { tokenGuid = refreshTokenVm.Token }));
return(!refreshToken.Any() ? null : refreshToken.FirstOrDefault());
}
public void RefreshToken__Is_null_or_empty__Should_be_invalid([Values(null, "")] string token)
{
var invalidVieModel = new RefreshTokenViewModel {
RefreshToken = token
};
var validator = new RefreshTokenViewModelValidator();
validator.ShouldHaveValidationErrorFor(x => x.RefreshToken, invalidVieModel);
}
public async Task <IActionResult> RefreshToken([FromBody] RefreshTokenViewModel viewModel)
{
var account = await _jwtBearer.SignInByRefreshToken(viewModel);
if (account.IsValid)
{
return(WriteToken(account.Result));
}
return(BadRequest(account.ErrorsList));
}
public async Task <IActionResult> RefreshToken([FromBody] RefreshTokenViewModel model)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
var response = await _accountAppService.RefreshToken(model);
return(Response(response));
}
public async Task <IActionResult> RefreshToken([FromBody] RefreshTokenViewModel data)
{
var result = await _auth.RefreshTokenAsync(data.Token, data.UserId, data.TokenNumber);
if (result == null)
{
throw new WebApiApplicationException(StatusCodes.Status401Unauthorized, ErrorMessages.InvalidUser, MethodBase.GetCurrentMethod().GetParameters());
}
return(Ok(result, InfoMessages.UserSignin));
}
public ViewResult RefreshToken()
{
// We will set-up correct default values to make it easier for the user to start testing
var model = new RefreshTokenViewModel
{
ClientId = "demo-client-1",
ClientSecret = "demo-client-secret-1",
};
return(this.View(model));
}
public async Task RefreshToken([FromBody] RefreshTokenViewModel viewModel)
{
var account = await _jwtBearer.SignInByRefreshToken(viewModel);
if (account.IsValid)
{
await HttpContext.WriteToken(account.Result);
return;
}
await HttpContext.BadRequest(account.ErrorsList);
}
public async Task RefreshTokenExchangeAsync__Invalid_access_token_was_passed__Should_return_400BadRequest_response()
{
_jwtTokenHandlerMock.Setup(x => x.GetPrincipalFromJwtToken(_invalidAccessToken, true)).Throws <SecurityTokenException>();
var controller = new AuthController(_jwtTokenHandlerMock.Object, _refreshTokenManagerMock.Object, _logger, _mapperMock.Object);
var refreshRequestBody = new RefreshTokenViewModel {
AccessToken = _invalidAccessToken, RefreshToken = _refreshToken
};
var result = await controller.RefreshTokenExchangeAsync(refreshRequestBody);
(result as ObjectResult).StatusCode.Should().Be(400);
((result as ObjectResult).Value as ResponseWrapper).Error.Should().NotBeEquivalentTo(new ApiError());
}
public async Task RefreshTokenExchangeAsync__Passed_refresh_token_not_found__Should_return_400BadRequest_response()
{
_jwtTokenHandlerMock.Setup(x => x.GetPrincipalFromJwtToken(_validAccessToken, true)).Returns(_expiredTokenPrincipal);
_refreshTokenManagerMock.Setup(x => x.GetSavedRefreshTokenAsync(It.IsNotNull <string>())).ThrowsAsync(new InvalidOperationException());
var controller = new AuthController(_jwtTokenHandlerMock.Object, _refreshTokenManagerMock.Object, _logger, _mapperMock.Object);
var refreshRequestBody = new RefreshTokenViewModel {
AccessToken = _validAccessToken, RefreshToken = _refreshToken
};
var result = await controller.RefreshTokenExchangeAsync(refreshRequestBody);
(result as ObjectResult).StatusCode.Should().Be(400);
((result as ObjectResult).Value as ResponseWrapper).Error.Should().NotBeEquivalentTo(new ApiError());
}
public async Task <ActionResult <ServiceResult> > RefreshToken([FromBody] RefreshTokenViewModel model)
{
ServiceResult result;
if (ModelState.IsValid)
{
result = await authServ.RefreshToken(model, HttpContext.Connection.RemoteIpAddress.ToString());
}
else
{
result = new ServiceResult(ModelState);
}
return(result);
}
public async Task <IActionResult> Logout([FromBody] RefreshTokenViewModel model)
{
string refreshToken = model.RefreshToken;
(Token token, User user) = await jwtTokenService.FindUserAndTokenByRefreshTokenAsync(refreshToken);
if (token == null)
{
return(Unauthorized());
}
await jwtTokenService.RevokeUserBearerTokensAsync(user.Id, refreshToken);
return(Ok(new { message = "You loged out successfully." }));
}
public async Task Refresh_ShouldSuccess()
{
HttpClient client = this.factory.CreateClient();
MessengerContext context = this.factory.Server.Host.Services.GetService(typeof(MessengerContext)) as MessengerContext;
#region Login
var data = new
{
UserName = "******",
Password = "******"
};
StringContent content = new StringContent(JsonConvert.SerializeObject(data).ToString(), Encoding.UTF8, "application/json");
HttpResponseMessage loginResponse = await client.PostAsync("/api/auth/login", content);
loginResponse.EnsureSuccessStatusCode();
#endregion
string stringLoginResponse = await loginResponse.Content.ReadAsStringAsync();
JObject loginJsonResult = JObject.Parse(stringLoginResponse);
var refreshTokenViewModel = new RefreshTokenViewModel()
{
RefreshToken = loginJsonResult.Value <string>("refreshToken"),
Token = loginJsonResult.Value <string>("token")
};
StringContent refreshContent = new StringContent(JsonConvert.SerializeObject(refreshTokenViewModel), Encoding.UTF8, "application/json");
HttpResponseMessage refreshResponse = await client.PostAsync("/api/auth/refresh", refreshContent);
refreshResponse.EnsureSuccessStatusCode();
string stringRefreshResponse = await refreshResponse.Content.ReadAsStringAsync();
JObject refreshJsonResult = JObject.Parse(stringRefreshResponse);
string refreshToken = refreshJsonResult.Value <string>("refreshToken");
User user = await context.Users.SingleAsync(x => x.UserName == "testuser");
Assert.True(context.RefreshTokens.Any(x => x.Token == refreshToken &&
x.UserId == user.Id));
}
public IActionResult RefreshToken(RefreshTokenViewModel model)
{
IActionResult response = Unauthorized();
var principal = _refreshToken.GetPrincipalFromExpiredToken(model.Token);
if (principal != null && _refreshToken.ValidateRefreshToken(principal.Identity.Name, model.RefreshToken))
{
var result = new RefreshTokenViewModel
{
Token = _login.BuildToken(principal),
RefreshToken = _refreshToken.GenerateRefreshToken(principal.Identity.Name)
};
_login.SetupCookie(HttpContext, result.Token);
response = Ok(result);
}
return(response);
}
public IActionResult RefreshToken([FromBody] RefreshTokenViewModel model,
[FromServices] IJwtSigningEncodingKey signingEncodingKey,
[FromServices] IJwtEncryptingEncodingKey encryptingEncodingKey)
{
var principal = _tokenService.GetPrincipalFromExpiredToken(model.Token);
var username = principal.Identity.Name;
var newJwtToken = _tokenService.GenerateAccessToken(principal.Claims, signingEncodingKey, encryptingEncodingKey);
var newRefreshToken = _tokenService.GenerateRefreshToken();
return(Ok(
new
{
token = newJwtToken,
refreshToken = newRefreshToken
}));
}
public async Task <IActionResult> RefeshToken(RefreshTokenViewModel model)
{
if (!ModelState.IsValid)
{
_logger.LogError(ModelState.ToString());
var errors = ModelState.ToDictionary(x => x.Key, x => x.Value.Errors.Select(e => e.ErrorMessage).ToList())
.Select(x => new ValidationResponse()
{
Key = x.Key,
Validations = x.Value
});
return(BadRequest(errors));
}
var principal = GetPrincipalFromExpiredToken(model.Token);
if (principal == null)
{
var errors = new List <ValidationResponse>()
{
new ValidationResponse
{
Key = "Token",
Validations = new List <string>()
{
"TOKEN_NOT_INVALID"
}
}
};
return(BadRequest(errors));
}
var user = await _userManager.GetUserAsync(principal);
var verifyRefreshTokenResult = _userManager.PasswordHasher.VerifyHashedPassword(user, user.RefreshTokenHash, model.RefreshToken);
if (verifyRefreshTokenResult == PasswordVerificationResult.Success)
{
var claims = await BuildClaims(user);
var newToken = _tokenService.GenerateAccessToken(claims);
return(Ok(new { token = newToken }));
}
return(Forbid());
}
public async Task RefreshTokenExchangeAsync__Access_token_does_not_expiry__Should_return_400BadRequest_response()
{
var notExpiredTokenPrincipal = GetNotExpiredTokenPrincipal();
var notExpiredJwtToken = new JwtSecurityToken(expires: DateTime.UtcNow.AddDays(1));
string notExpiredAccessToken = new JwtSecurityTokenHandler().WriteToken(notExpiredJwtToken);
_jwtTokenHandlerMock.Setup(x => x.GetPrincipalFromJwtToken(It.IsNotNull <string>(), true)).Returns(notExpiredTokenPrincipal);
var controller = new AuthController(_jwtTokenHandlerMock.Object, _refreshTokenManagerMock.Object, _logger, _mapperMock.Object);
var refreshRequestBody = new RefreshTokenViewModel {
AccessToken = notExpiredAccessToken, RefreshToken = _refreshToken
};
var result = await controller.RefreshTokenExchangeAsync(refreshRequestBody);
(result as ObjectResult).StatusCode.Should().Be(400);
((result as ObjectResult).Value as ResponseWrapper).Error.Should().NotBeEquivalentTo(new ApiError());
}
public async Task <IActionResult> RefreshToken([FromBody] RefreshTokenViewModel model)
{
if (!ModelState.IsValid)
{
return(BadRequest());
}
var user = await _db.Users.SingleOrDefaultAsync(x => x.RefreshToken == model.RefreshToken);
if (user == null)
{
return(BadRequest());
}
var token = await GenerateToken(user);
return(Ok(token));
}
